A flaw was found in Shadow, where it is possible to inject control characters into fields provided to the SUID program change finger(chfn). Although it is not possible to exploit this directly (for example, adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Using \r manipulations and Unicode characters to work around blocking the : character makes it possible to give the impression that a new user has been added. An adversary can convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that “cat /etc/passwd” shows a rogue user account.
bugzilla.redhat.com/show_bug.cgi?id=2187184
nvd.nist.gov/vuln/detail/CVE-2023-29383
www.cve.org/CVERecord?id=CVE-2023-29383
www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/
www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797